22.4. Enabling Management Encryption


Red Hat recommends enabling both management and I/O encryption, but if you only want to use I/O encryption, you can skip this section and continue with Section 22.3.1, “Enabling I/O Encryption”.

Prerequisites

  • Enabling management encryption requires that storage servers are offline. Schedule an outage window for volumes, applications, clients, and other end users before beginning this process. Be aware that features such as snapshots and geo-replication may also be affected by this outage.

Procedure 22.7. Enabling management encryption

  1. Prepare to enable encryption

    1. Unmount all volumes from all clients

      Run the following command on each client, for each volume mounted on that client.
      # umount mount-point
    2. Stop NFS Ganesha or SMB services, if used

      Run the following command on any gluster server to stop NFS-Ganesha.
      # systemctl stop nfs-ganesha
      Run the following command on any gluster server to stop SMB.
      # systemctl stop ctdb
    3. Unmount shared storage, if used

      Run the following command on all servers to unmount shared storage.
      # umount /var/run/gluster/shared_storage

      Important

      Features that require shared storage, such as snapshots and geo-replication, may not work until after this process is complete.
    4. Stop all volumes

      Run the following command on any server to stop all volumes, including the shared storage volume.
      # for vol in `gluster volume list`; do gluster --mode=script volume stop $vol; sleep 2s; done
    5. Stop gluster services on all servers

      For Red Hat Enterprise Linux 7 based installations:
      # systemctl stop glusterd
      # pkill glusterfs
      For Red Hat Enterprise Linux 6 based installations:
      # service glusterd stop
      # pkill glusterfs

      Important

      Bug 1635071 may cause glusterd to crash during shutdown, but there is no functionality impact to this crash. See Resolving glusterd crash for details.
  2. Create and edit the secure-access file on all servers and clients

    Create a new /var/lib/glusterd/secure-access file. This file can be empty if you are using the default settings.
    # touch /var/lib/glusterd/secure-access
    Your Certificate Authority may require changes to the SSL certificate depth setting, transport.socket.ssl-cert-depth, in order to work correctly. To edit this setting, add the following line to the secure-access file, replacing n with the certificate depth required by your Certificate Authority.
    # echo "option transport.socket.ssl-cert-depth n" > /var/lib/glusterd/secure-access
  3. Clean up after configuring management encryption

    1. Start the glusterd service on all servers

      For Red Hat Enterprise Linux 7 based installations:
      # systemctl start glusterd
      For Red Hat Enterprise Linux 6 based installations:
      # service glusterd start
    2. Start all volumes

      Run the following command on any host to start all volumes including shared storage.
      # for vol in `gluster volume list`; do gluster --mode=script volume start $vol; sleep 2s; done
    3. Mount shared storage, if used

      Run the following command on all servers to mount shared storage.
      # mount -t glusterfs hostname:/gluster_shared_storage /run/gluster/shared_storage
    4. Restart NFS Ganesha or SMB services, if used

      Run the following command on any gluster server to start NFS-Ganesha.
      # systemctl start nfs-ganesha
      Run the following command on any gluster server to start SMB.
      # systemctl start ctdb
    5. Mount volumes on clients

      The process for mounting a volume depends on the protocol your client is using. The following command mounts a volume using the native FUSE protocol.
      # mount -t glusterfs server1:/testvolume /mnt/glusterfs
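
Before glusterd is started again in step 3, each server and client can be checked for a well-formed secure-access file. The script below is an added example, not part of Red Hat's documentation or tooling: the function name check_secure_access, its output strings and its exit codes are assumptions of this example, and it accepts only the two file forms described in step 2 (an empty file, or a single ssl-cert-depth line).

```shell
#!/bin/sh
# Added example (not Red Hat's tooling): check a secure-access file against the
# two forms the procedure describes. Output strings and exit codes are this
# example's own convention: 0 = usable, 1 = file missing, 2 = needs fixing.
check_secure_access() {
    file="${1:-/var/lib/glusterd/secure-access}"
    depth=""
    count=0
    # No file: management encryption is not enabled on this host.
    if [ ! -f "$file" ]; then
        echo "missing"
        return 1
    fi
    while read -r kw name value extra || [ -n "$kw" ]; do
        if [ -z "$kw" ]; then continue; fi    # blank line
        if [ "$kw" != "option" ] || [ -n "$extra" ] ||
           [ "$name" != "transport.socket.ssl-cert-depth" ]; then
            echo "unexpected: $kw $name"
            return 2
        fi
        # The depth must be a number; catches the placeholder "n" pasted as-is.
        case "$value" in
            ''|*[!0-9]*) echo "bad-depth: $value"; return 2 ;;
        esac
        depth="$value"
        count=$((count + 1))
    done < "$file"
    if [ "$count" -eq 0 ]; then
        echo "default"            # empty file: default settings
    elif [ "$count" -gt 1 ]; then
        echo "duplicate-depth"    # ambiguous: more than one depth line
        return 2
    else
        echo "depth=$depth"
    fi
    return 0
}

# Constructed sample files, written to a temporary directory.
tmp=$(mktemp -d)
printf 'option transport.socket.ssl-cert-depth n\n' > "$tmp/pasted"
printf 'option transport.socket.ssl-cert-depth 2\n' > "$tmp/valid"
check_secure_access "$tmp/pasted" || echo "fix this file before starting glusterd"
check_secure_access "$tmp/valid"
rm -rf "$tmp"
```

Called with no argument, the function checks /var/lib/glusterd/secure-access on the local host.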

© 2024 Red Hat, Inc.